Message gateway with hybrid proxy/store-and-forward logic

ABSTRACT

Described is a technology by which an email filtering service or other gateway includes hybrid proxy and store-and-forward logic. A message is initially processed with proxy logic. If the proxy logic is unable to complete filtering/scanning of a message within a timeout period, the store-and-forward logic is invoked to complete filtering/scanning of the message. The store-and-forward logic also may be invoked if a delivery attempt made by the proxy logic fails or does not complete prior to a delivery timeout period. When such a condition is met, the store-and-forward logic accepts the message, including storing the message, sending a response that indicates the message was accepted, and closing the connection over which the message was received. The store-and-forward logic may complete any scanning if not completed by the proxy logic, and takes over delivery responsibilities.

BACKGROUND

With hosted email filtering services, outside client senders attemptingto send a mail message to a SMTP (simple mail transport protocol)delivery system are instead directed to an email filteringservice/server (hereinafter “filtering service” for brevity). Thefiltering service, commonly implemented as an SMTP relay or gateway,either accepts or rejects the message. For example, messages from knownbad senders (e.g., “spammers”) may be rejected. If the message isaccepted, the filtering service has responsibility for communicating themessage to the delivery SMTP system.

The filtering service scans the message header and body in order tohandle undesirable messages differently from other messages. In general,with respect to receiving messages, scanning them and deliverycommunications, such filtering services use either “proxy” semantics or“store-and-forward” semantics. Each type of semantics has benefits anddrawbacks.

Proxy semantics operate over a TCP connection between the outside SMTPsending client and the filtering service, and a similar connectionbetween the filtering service and the delivery system. A proxy-basedfiltering service processes (scans) messages and proxies communicationsback and forth to and from the delivery server and sender, withoutwriting the message to disk or taking formal responsibility for themessage. This is simple, inexpensive, facilitates high throughput,introduces relatively little latency for most messages, and avoids theneed for sending bounce messages/NDRs (Non-Delivery Reports/Receipts) orquarantining messages.

However, with proxy semantics, the connection between the outside clientand the filtering service has to be held open while scanning takesplace; for slow connections and/or large messages (including messageswith large attachments), this can be error-prone. Further, if atransient error occurs while attempting to deliver to the deliverysystem, the entire conversation needs to unwind and be retried later,including performing redundant scanning on the resubmitted message.Still further, when under heavy load, a proxy-based filtering servicemay not be able to handle received messages, and instead has to return aresponse (e.g., a 400-level response) to the outside sending clientsthat basically instructs those clients to try again later.

In contrast, store-and-forward type filtering services write eachaccepted input message to disk and then close the connection with theoutside sender. Store-and-forward type filtering services then processthe message as needed, and maintain it until the forwarding of themessage to the delivery system is successful. This provides morepredictable and reliable results in specific situations, such as whenthe delivery system (destination mail server) is unavailable, or when amessage is particularly large. By storing messages, large messagesincluding messages with large attachments can be analyzed withoutneeding to hold open TCP connections. Further, transient errors may beovercome by re-attempting message sending until successful, withoutsubjecting the message to redundant filtering. Still further, if thefiltering service is under heavy load, the filtering service can stillaccept mail, which remains queued until the load lessens.

However, drawbacks to store-and-forward semantics include that storageis costly. Further, rejected mail needs to be handled somehow, asdeleting the mail is counter to the SMTP specification, while NDR bouncenotices that are sent are often mistaken as spam. Quarantining messagesadds storage costs. Still further, there is more latency in end-to-enddelivery, and there is a risk of mail loss if the filtering servicecrashes or fails after taking formal responsibility for a message, butbefore the message is delivered.

SUMMARY

This Summary is provided to introduce a selection of representativeconcepts in a simplified form that are further described below in theDetailed Description. This Summary is not intended to identify keyfeatures or essential features of the claimed subject matter, nor is itintended to be used in any way that would limit the scope of the claimedsubject matter.

Briefly, various aspects of the subject matter described herein aredirected towards a technology in a gateway/relay such as an emailfiltering service that includes proxy and store-and-forward logic. Whenan electronic message (e.g., email message) is received, the message isinitially processed with proxy logic. The service (e.g., the proxy logictherein) may determine to further process the message with thestore-and-forward logic based upon detection of one or more conditions.For example, one condition may be that the proxy logic is unable tocomplete filtering scanning of a message within a timeout period,whereby the proxy logic invokes the store-and-forward logic to completeprocessing of the message. Other conditions include that a deliveryattempt made in the proxy logic has not completed prior to a deliverytimeout period, or failed, e.g., due to a transient error.

When such a condition is met, the store-and-forward logic accepts themessage, including storing the message, sending a response thatindicates the message was accepted, and closing the connection overwhich the message was received. The store-and-forward logic may completeany scanning if not completed by the proxy logic. The message (if notblocked by any scanning) is queued for delivery, and delivery attempted,which may be reattempted (e.g., if a transient error occurs) until themessage is delivered,

Other advantages may become apparent from the following detaileddescription when taken in conjunction with the drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

The present invention is illustrated by way of example and not limitedin the accompanying figures in which like reference numerals indicatesimilar elements and in which:

FIG. 1 is a block diagram representing example components and electronicmessage data flow in a hybrid proxy/store-and-forward filtering service.

FIGS. 2-4 comprise a flow diagram showing proxy logic interacting withstore-and-forward logic for filtering and delivering electronicmessages.

FIG. 5 is representation of an alternative hybridproxy/store-and-forward filtering service implemented with multipleservices/servers.

FIG. 6 is representation of an alternative hybridproxy/store-and-forward filtering service implemented with pools and/orchains of servers.

FIG. 7 shows an illustrative example of a computing environment intowhich various aspects of the present invention may be incorporated.

DETAILED DESCRIPTION

Various aspects of the technology described herein are generallydirected towards an email filtering service that exhibits proxysemantics, yet is capable of dynamically operating with astore-and-forward semantics as needed, such as under abnormal conditionsor for large messages. The email filtering service may dynamically adoptproxy and/or store-and-forward semantics on a per-message basis orper-connection basis (e.g., some set of messages on a connection). Forexample, most messages are sent using proxy semantics, however if atransient message delivery error occurs on a given message, or aspecified timeout elapses, the filtering service in general behaves likea store-and-forward filtering service, e.g., accepts and stores themessage until delivered.

It should be understood that any of the examples herein arenon-limiting. As one example, while email messages are described, anyother type of electronic communications may benefit from the technologydescribed herein. Further, while the gateway/relay is exemplified hereinas a filtering service, a gateway/relay routing service (that does notnecessarily perform filtering) may benefit from the technology describedherein. As such, the present invention is not limited to any particularembodiments, aspects, concepts, structures, functionalities or examplesdescribed herein. Rather, any of the embodiments, aspects, concepts,structures, functionalities or examples described herein arenon-limiting, and the present invention may be used various ways thatprovide benefits and advantages in data communications in general.

FIG. 1 shows a block diagram in which a client sender 102 sends amessage 104 a intended for a delivery recipient, which is actually firstdirected to a filtering service 106. As will be understood, if notblocked via filtering, the filtering service 106 attempts to communicatethe message 104 b to a delivery system 108.

Initially the communication is by a proxy mechanism 110 (logic) thatimplements proxy semantics. However, if proxy-based forwarding does notwork as desired, the message is instead provided to a store-and-forwardmechanism 112 (logic) that implements store-and-forward semantics. Asdescribed below, message scanning (as represented by the scanner 114)may take place while the message is being processed by the proxymechanism 110, while the message is being processed by thestore-and-forward mechanism 112, or partially during proxy mechanism 110processing and partially during store-and-forward mechanism 112processing.

FIGS. 2-4 comprise a flow diagram representing example steps performedby the proxy mechanism 110 (generally FIGS. 2 and 3) and thestore-and-forward mechanism 112 (generally FIG. 4). Step 202 representsthe client sender connecting to the filtering service 106, e.g., asdirected by a DNS service, and step 204 represents the client sendersending message headers to the filtering service 106.

At this time, proxy semantics are operational, and the incomingconnection is kept open while the filtering service performs (relativelyfast) header scans on the message. As is known, many messages arerejected based on their header data, which is represented by step 208branching to reject the message.

If not blocked at step 208, the client sends the message body to thefiltering service 106, which begins scanning the message at step 212.Depending on the message body size, including any attachments, the bodyscan may be completed relatively quickly or relatively slowly.

As represented by step 214, the scan continues while the connectionremains open for up to a timeout period, which may be configurable bythe administrator or the like of the filtering service. During thisscan, if the message body contains content that is blocked, the messageis rejected, which is represented by step 214 branching to reject themessage. If the body scan completes without blocking, the processcontinues to FIG. 3 as described below.

In contrast to conventional proxy-based filtering, the timeout period atstep 214 may be reached before the scan completes on a message that hasnot been blocked (although the message may be blocked later). If so, theprocess continues the scan using store-and-forward logic, as describedbelow.

More particularly, step 302 determines whether the body scans havecompleted or whether the timeout period has been reached. If notcompleted, step 302 branches to FIG. 4, described below, wherestore-and-forward semantics are implemented.

If the scans are complete, the message is attempted to be delivered,still maintaining proxy semantics at this time. To this end, thefiltering service 106 connects to the delivery system (step 304) andattempts to deliver the message (step 306). However, there may beproblems with the attempt, as represented by step 308 timing out theattempt, or step 310 detecting delivery failure from a transientcondition. If such a condition occurs, the process branches to FIG. 4,described below, for processing by the store-and-forward logic.

Step 312 represents receiving the result from the delivery service,which is returned to the client sender at step 314. As with conventionalproxy operations, because there was no condition that triggeredstore-and-forward processing, the success or failure (step 316) isreturned to the client sender without the filtering service havingstored or otherwise taken any responsibility for handling the message,other than generally scanning it.

Turning to store-and-forward aspects that occur under a condition suchas described above, step 402 of FIG. 4 represents the filtering serviceaccepting the message, including storing it and taking responsibilityfor attempting delivery. For example, the filtering service closes theconnection with the client after returning an appropriate response(e.g., a 250 OK response) and formally taking ownership of the message.The message is subsequently handled with the store-and-forward logic.Note that if the body scans have not completed (e.g., FIG. 4 was reachedvia step 302 of FIG. 3), then they are continued at step 406, where themessage may be blocked (quarantined) via step 408.

If the scans have completed without blocking, or the store-and-forwardlogic of FIG. 4 was reached via step 308 or 310, the message is queuedfor delivery at step 410. Steps 412 and 414 represent the attempt toconnect and deliver the message, which may be re-attempted in view of atransient error (at least some number of times) via step 416, that is,the message is re-queued (or not dequeued) and a retry attempted later.In the event the delivery is not successful, step 418 returns an NDRmessage to the client sender.

Note that the above flow diagram steps are only examples, and other waysto switch from proxy operations to store-and-forward operations may beimplemented. For example, a message that is large may be more directlyhandled by the store-and-forward logic, such that the proxy logic neednot perform scanning up to the time limit but switch that message to thestore-and-forward logic sooner, freeing proxy-related resources forscanning other messages. During times of high load, the filteringservice may also provide messages to store-and-forward logic, e.g.,without necessarily involving the proxy logic. As another alternative,multiple messages on the same connection may be received, and as soon asany one of those messages is handled by the store-and-forward logic, anymessages thereafter may be handled by the store-and-forward logic aswell, (e.g., to help keep those messages in order). In general, thefiltering service may switch to store-and-forward logic instead of proxylogic at any time for any given message.

As can be seen, in this hybrid model, proxy semantics are used whenpossible, e.g., except for conditions deemed unusual, such astime-consuming scans, delivery timeouts, or delivery failures due totransient conditions. For a large majority of messages under normalconditions, the advantages of proxy semantics are obtained, e.g., smallmessages that can be expediently scanned and delivered impose no storageor disk I/O cost on the filtering service.

For other situations, store-and-forward semantics are used. Doing soovercomes the drawbacks of proxy-based filtering that result withrespect to large messages/abnormal conditions, including when scans onthe message body take longer than a desired timeout period, messagedelivery cannot be completed within a desired timeout period, or messagedelivery fails due to a transient error. In this store-and-forward partof the hybrid model, connections are not held open for significantamounts of time, which frees up network ports for the client andfiltering service.

Further, note that any scanning, processing, or other activities thatwere completed prior to accepting the message need not be repeated afteracceptance. Thus, the total amount of processing that is performed onany message is basically unchanged; a difference is the division oflabor between the client and the filtering service in dealing withmessages that cannot be delivered in a timely fashion. Messages do nothave to pass through the filtering service more than once, as the clientis shielded from any transient errors that may originate from thedelivery server. For example, if the delivery server is temporarilydown, this fact is masked from the client.

Turning to alternative implementations, FIGS. 5 and 6 arerepresentations of a large-scale service deployment that handles emailfiltering and/or routing via a hybrid model as described above, usingpools of servers and/or chained servers. In the alternative of FIG. 5for example, a message may handled by a plurality of services/servers506, 507 generally having different configurations to match theirroles/functionalities. For example, a sender 102 sends a message (thearrow labeled (1)) to a proxy part of the filtering service 506, whichmay comprise one or more servers. If scanning and delivery (or routing)are able to be performed by this proxy service 506, then the message issent via proxy logic (the arrow labeled (2)).

However, upon hitting a condition where the message is not scanned intime or not delivered as described above, (the crossed-out, dashed arrowlabeled (2B)), the message may be handed off to a separate service 507(server(s) or subsystem) within the filtering service for scanningcompletion and/or delivery (dashed arrows 3B and 4B). This allows a mainpart of the filtering service to contain purely stateless hosts (whichare amenable to virtualization), while permitting the statefulstore-and-forward duties to be on a service 507 comprising one or moreother more appropriately-configured machines, e.g., disk-heavy unitsand/or machines with dedicated redundant storage.

FIG. 6 shows another alternative implementation, (which also may beconfigured with a multiple-part service as in FIG. 5). In FIG. 6,different aspects of message handling, e.g., receiving, scanning anddelivery are handled by different sets of servers 660-662, respectively,with any load balancing (LB) performed in between as needed. Note thatany set of servers may be configured for hybrid proxy/store-and-forwardprocessing.

Exemplary Operating Environment

FIG. 7 illustrates an example of a suitable computing and networkingenvironment 700 into which the examples and implementations of any ofFIGS. 1-6 may be implemented. The computing system environment 700 isonly one example of a suitable computing environment and is not intendedto suggest any limitation as to the scope of use or functionality of theinvention. Neither should the computing environment 700 be interpretedas having any dependency or requirement relating to any one orcombination of components illustrated in the exemplary operatingenvironment 700.

The invention is operational with numerous other general purpose orspecial purpose computing system environments or configurations.Examples of well known computing systems, environments, and/orconfigurations that may be suitable for use with the invention include,but are not limited to: personal computers, server computers, hand-heldor laptop devices, tablet devices, multiprocessor systems,microprocessor-based systems, set top boxes, programmable consumerelectronics, network PCs, minicomputers, mainframe computers,distributed computing environments that include any of the above systemsor devices, and the like.

The invention may be described in the general context ofcomputer-executable instructions, such as program modules, beingexecuted by a computer. Generally, program modules include routines,programs, objects, components, data structures, and so forth, whichperform particular tasks or implement particular abstract data types.The invention may also be practiced in distributed computingenvironments where tasks are performed by remote processing devices thatare linked through a communications network. In a distributed computingenvironment, program modules may be located in local and/or remotecomputer storage media including memory storage devices.

With reference to FIG. 7, an exemplary system for implementing variousaspects of the invention may include a general purpose computing devicein the form of a computer 710. Components of the computer 710 mayinclude, but are not limited to, a processing unit 720, a system memory730, and a system bus 721 that couples various system componentsincluding the system memory to the processing unit 720. The system bus721 may be any of several types of bus structures including a memory busor memory controller, a peripheral bus, and a local bus using any of avariety of bus architectures. By way of example, and not limitation,such architectures include Industry Standard Architecture (ISA) bus,Micro Channel Architecture (MCA) bus, Enhanced ISA (EISA) bus, VideoElectronics Standards Association (VESA) local bus, and PeripheralComponent Interconnect (PCI) bus also known as Mezzanine bus.

The computer 710 typically includes a variety of computer-readablemedia. Computer-readable media can be any available media that can beaccessed by the computer 710 and includes both volatile and nonvolatilemedia, and removable and non-removable media. By way of example, and notlimitation, computer-readable media may comprise computer storage mediaand communication media. Computer storage media includes volatile andnonvolatile, removable and non-removable media implemented in any methodor technology for storage of information such as computer-readableinstructions, data structures, program modules or other data. Computerstorage media includes, but is not limited to, RAM, ROM, EEPROM, flashmemory or other memory technology, CD-ROM, digital versatile disks (DVD)or other optical disk storage, magnetic cassettes, magnetic tape,magnetic disk storage or other magnetic storage devices, or any othermedium which can be used to store the desired information and which canaccessed by the computer 710. Communication media typically embodiescomputer-readable instructions, data structures, program modules orother data in a modulated data signal such as a carrier wave or othertransport mechanism and includes any information delivery media. Theterm “modulated data signal” means a signal that has one or more of itscharacteristics set or changed in such a manner as to encode informationin the signal. By way of example, and not limitation, communicationmedia includes wired media such as a wired network or direct-wiredconnection, and wireless media such as acoustic, RF, infrared and otherwireless media. Combinations of the any of the above may also beincluded within the scope of computer-readable media.

The system memory 730 includes computer storage media in the form ofvolatile and/or nonvolatile memory such as read only memory (ROM) 731and random access memory (RAM) 732. A basic input/output system 733(BIOS), containing the basic routines that help to transfer informationbetween elements within computer 710, such as during start-up, istypically stored in ROM 731. RAM 732 typically contains data and/orprogram modules that are immediately accessible to and/or presentlybeing operated on by processing unit 720. By way of example, and notlimitation, FIG. 7 illustrates operating system 734, applicationprograms 735, other program modules 736 and program data 737.

The computer 710 may also include other removable/non-removable,volatile/nonvolatile computer storage media. By way of example only,FIG. 7 illustrates a hard disk drive 741 that reads from or writes tonon-removable, nonvolatile magnetic media, a magnetic disk drive 751that reads from or writes to a removable, nonvolatile magnetic disk 752,and an optical disk drive 755 that reads from or writes to a removable,nonvolatile optical disk 756 such as a CD ROM or other optical media.Other removable/non-removable, volatile/nonvolatile computer storagemedia that can be used in the exemplary operating environment include,but are not limited to, magnetic tape cassettes, flash memory cards,digital versatile disks, digital video tape, solid state RAM, solidstate ROM, and the like. The hard disk drive 741 is typically connectedto the system bus 721 through a non-removable memory interface such asinterface 740, and magnetic disk drive 751 and optical disk drive 755are typically connected to the system bus 721 by a removable memoryinterface, such as interface 750.

The drives and their associated computer storage media, described aboveand illustrated in FIG. 7, provide storage of computer-readableinstructions, data structures, program modules and other data for thecomputer 710. In FIG. 7, for example, hard disk drive 741 is illustratedas storing operating system 744, application programs 745, other programmodules 746 and program data 747. Note that these components can eitherbe the same as or different from operating system 734, applicationprograms 735, other program modules 736, and program data 737. Operatingsystem 744, application programs 745, other program modules 746, andprogram data 747 are given different numbers herein to illustrate that,at a minimum, they are different copies. A user may enter commands andinformation into the computer 710 through input devices such as atablet, or electronic digitizer, 764, a microphone 763, a keyboard 762and pointing device 761, commonly referred to as mouse, trackball ortouch pad. Other input devices not shown in FIG. 7 may include ajoystick, game pad, satellite dish, scanner, or the like. These andother input devices are often connected to the processing unit 720through a user input interface 760 that is coupled to the system bus,but may be connected by other interface and bus structures, such as aparallel port, game port or a universal serial bus (USB). A monitor 791or other type of display device is also connected to the system bus 721via an interface, such as a video interface 790. The monitor 791 mayalso be integrated with a touch-screen panel or the like. Note that themonitor and/or touch screen panel can be physically coupled to a housingin which the computing device 710 is incorporated, such as in atablet-type personal computer. In addition, computers such as thecomputing device 710 may also include other peripheral output devicessuch as speakers 795 and printer 796, which may be connected through anoutput peripheral interface 794 or the like.

The computer 710 may operate in a networked environment using logicalconnections to one or more remote computers, such as a remote computer780. The remote computer 780 may be a personal computer, a server, arouter, a network PC, a peer device or other common network node, andtypically includes many or all of the elements described above relativeto the computer 710, although only a memory storage device 781 has beenillustrated in FIG. 7. The logical connections depicted in FIG. 7include one or more local area networks (LAN) 771 and one or more widearea networks (WAN) 773, but may also include other networks. Suchnetworking environments are commonplace in offices, enterprise-widecomputer networks, intranets and the Internet.

When used in a LAN networking environment, the computer 710 is connectedto the LAN 771 through a network interface or adapter 770. When used ina WAN networking environment, the computer 710 typically includes amodem 772 or other means for establishing communications over the WAN773, such as the Internet. The modem 772, which may be internal orexternal, may be connected to the system bus 721 via the user inputinterface 760 or other appropriate mechanism. A wireless networkingcomponent 774 such as comprising an interface and antenna may be coupledthrough a suitable device such as an access point or peer computer to aWAN or LAN. In a networked environment, program modules depictedrelative to the computer 710, or portions thereof, may be stored in theremote memory storage device. By way of example, and not limitation,FIG. 7 illustrates remote application programs 785 as residing on memorydevice 781. It may be appreciated that the network connections shown areexemplary and other means of establishing a communications link betweenthe computers may be used.

An auxiliary subsystem 799 (e.g., for auxiliary display of content) maybe connected via the user interface 760 to allow data such as programcontent, system status and event notifications to be provided to theuser, even if the main portions of the computer system are in a lowpower state. The auxiliary subsystem 799 may be connected to the modem772 and/or network interface 770 to allow communication between thesesystems while the main processing unit 720 is in a low power state.

CONCLUSION

While the invention is susceptible to various modifications andalternative constructions, certain illustrated embodiments thereof areshown in the drawings and have been described above in detail. It shouldbe understood, however, that there is no intention to limit theinvention to the specific forms disclosed, but on the contrary, theintention is to cover all modifications, alternative constructions, andequivalents falling within the spirit and scope of the invention.

What is claimed is:
 1. A computer implemented method comprising:receiving, by a gateway implemented on at least one processor, anelectronic message from a client sender that is intended for a deliverysystem, the gateway including proxy logic and store-and-forward logic;determining whether the electronic message is to be blocked or processedbased upon at least one of header data, data identified in theelectronic message, or a detected connection status; responsive to adetermination that the electronic message is to be blocked, rejectingthe message using the proxy logic; responsive to a determination thatthe electronic message is to be processed, continuing to process theelectronic message using the proxy logic to perform on or more scanswithin a timeout period; determining whether to continue processing theelectronic message using the proxy logic or the store-and-forward logicbased upon one or more conditions, the one or more conditions includingat least one of the timeout period, a delivery failure, a transientcondition, a current load, or a message size, wherein determiningwhether to continue processing the electronic message further comprises:responsive to a determination to continue processing the electronicmessage using the proxy logic, maintaining a connection with the clientsender over which the electronic message was received; and responsive toa determination to continue processing the electronic message using thestore-and-forward logic, closing the connection with the client senderover which the electronic message was received.
 2. The method of claim 1wherein determining whether to continue processing the electronicmessage using the proxy logic or the store-and-forward logic furthercomprises: scanning at least part of the electronic message, includingperforming the one or more scans of the header data or performing theone or more scans of body data of the electronic message.
 3. The methodof claim 1 wherein determining whether the one or more scans of theelectronic message using the proxy logic completed within the timeoutperiod further comprises: determining whether the one or more scanscompleted included all body scans of the electronic message prior to thetimeout period ending; responsive to a determination that the one ormore scans finished all the body scans of the electronic message priorto the timeout period ending, continuing to process the electronicmessage using the proxy logic; and responsive to a determination thatthe one or more scans did not finish all the body scans of theelectronic message prior to the timeout period ending, continuing toprocess the electronic message using the store-and-forward logic tocomplete scanning of the electronic message.
 4. The method of claim 1wherein further processing the electronic message using thestore-and-forward logic comprises: determining whether at least one scanof the one or more scans of the electronic message results in a messageblock; responsive to a determination that the at least one scan does notresult in the message block, queuing the electronic message fordelivery; and responsive to a determination that the at least one scanresults in the message block, quarantining the electronic message. 5.The method of claim 1 wherein determining to continue processing theelectronic message using the store-and-forward logic further comprises:determining whether a delivery attempt of the electronic message usingthe proxy logic has completed prior to a delivery timeout period ending;responsive to a determination that the delivery attempt has completedprior to the delivery timeout period ending, sending a delivery successmessage to the client sender using the proxy logic; and responsive to adetermination that the delivery attempt has not completed prior to thedelivery timeout period ending, continue processing the electronicmessage using the store-and-forward logic, including accepting theresponsibility for delivery of the electronic message, storing theelectronic message, and reattempting delivery of the electronic messageusing the store-and-forward logic.
 6. The method of claim 1 furthercomprising: queuing the electronic message for delivery; and attemptingto deliver the electronic message.
 7. The method of claim 1 whereindetermining whether to process the electronic message using the proxylogic or the store-and-forward logic is dynamically determined based onat least one of a per-message basis or a per-connection basis.
 8. Themethod of claim 1 further comprising: receiving a plurality of messagesfrom the client sender over a same connection; determining whether atleast one of the plurality of messages is being processed using thestore-and-forward logic; and responsive to a determination that the atleast one of the plurality of messages is being processed using thestore-and-forward logic, processing remaining messages of the pluralityof messages on the same connection using the store-and-forward logic. 9.The method of claim 1 wherein any processing activities completed by theproxy logic prior to the determination that the store-and-forward logicwill continue processing the electronic message are not repeated.
 10. Ina computing environment, a system comprising: at least one processor; amemory communicatively coupled to the at least one processor; and agateway implemented on the at least one processor, the gateway includingboth proxy logic and store-and-forward logic, the gateway configured to:receive an electronic message from a client sender intended for adelivery system; determine whether the electronic message is to beblocked or processed based at least in part on header data, dataidentified in the electronic message, or a detected connection status;responsive to a determination that the electronic message is to beblocked, reject the message using the proxy logic; responsive to adetermination that the electronic message is to be processed, continueto process the electronic message using the proxy logic to perform on ormore scans within a timeout period; determine whether to continueprocessing the electronic message using the proxy logic or thestore-and-forward logic based upon one or more conditions, the one ormore conditions including at least one of the timeout period, a deliveryfailure, a transient condition, a current load, or a message size;responsive to a determination to continue processing the electronicmessage using the proxy logic, maintain a connection with the clientsender over which the electronic message was received; and responsive toa determination to continue processing the electronic message using thestore-and-forward logic, close the connection with the client sender.11. The system of claim 10 wherein the one or more scans of theelectronic message include at least one of one or more message headerscans or one or more message body scans.
 12. The system of claim 10wherein the gateway is further configured to: determine whether the oneor more scans completed included all body scans of the electronicmessage prior to the timeout period ending; responsive to adetermination that the one or more scans finished all the body scans ofthe electronic message prior to the timeout period ending, continue toprocess the electronic message using the proxy logic; and responsive toa determination that the one or more scans did not finish all the bodyscans of the electronic message prior to the timeout period ending,continue to process the electronic message using the store-and-forwardlogic to complete scanning of the electronic message.
 13. The system ofclaim 10 wherein the gateway is further configured to: determine whetherat least one scan of the one or more scans of the electronic messageresults in a message block; responsive to a determination that the atleast one scan does not result in the message block, queue theelectronic message for delivery; and responsive to a determination thatthe at least one scan results in the message block, quarantine theelectronic message.
 14. The system of claim 10 wherein the gateway isfurther configured to use the store-and-forward logic to process theelectronic message, including storing the electronic message and sendinga response to the client sender that indicates the electronic messagewas accepted before closing the connection over which the electronicmessage was received.
 15. The system of claim 10 wherein the gateway isfurther configured to: queue the electronic message for delivery; andattempt to deliver the electronic message.
 16. The system of claim 10wherein the gateway is further configured to: receive a plurality ofmessages from the client sender over a same connection; determinewhether at least one of the plurality of messages is being processedusing the store-and-forward logic; and responsive to a determinationthat the at least one of the plurality of messages is being processedusing the store-and-forward logic, process remaining messages of theplurality of messages on the same connection using the store-and-forwardlogic.
 17. The system of claim 16 wherein any processing activitiescompleted by the gateway using the proxy logic prior to thedetermination that the store-and-forward logic will continue processingthe electronic message are not repeated.
 18. One or more computerstorage devices having computer-executable instructions, which onexecution by a computer cause the computer to perform operations,comprising: receiving, by a gateway, an electronic message from a clientsender intended for a delivery system, the gateway including both proxylogic and store-and-forward logic; determining whether the electronicmessage is to be blocked or processed based at least in part upon headerdata, data identified in the electronic message, or a detectedconnection status; responsive to a determination that the electronicmessage is to be blocked, rejecting the message using the proxy logic;responsive to a determination that the electronic message is to beprocessed, continuing to process the electronic message using the proxylogic to perform on or more scans within a timeout period; determiningwhether to continue processing the electronic message using the proxylogic or the store-and-forward logic based upon one or more conditions,the one or more conditions including at least one of the timeout period,a delivery failure, a transient condition, a current load, or a messagesize, wherein determining whether to continue processing the electronicmessage further comprises: responsive to a determination to continueprocessing the electronic message using the proxy logic, maintaining aconnection with the client sender over which the electronic message wasreceived; and responsive to a determination to continue processing theelectronic message using the store-and-forward logic, closing theconnection with the client sender over which the electronic message wasreceived.
 19. The one or more computer storage devices of claim 18wherein determining whether to process the electronic message using theproxy logic or the store-and-forward logic is dynamically determinedbased on at least one of a per-message basis or a per-connection basis.20. The one or more computer storage devices of claim 18 having furthercomputer-executable instructions comprising: determining whether the oneor more scans completed included all body scans of the electronicmessage prior to the timeout period ending; responsive to adetermination that the one or more scans finished all the body scans ofthe electronic message prior to the timeout period ending, continuing toprocess the electronic message using the proxy logic; and responsive toa determination that the one or more scans did not finish all of thebody scans prior to the timeout period ending, continuing to process theelectronic message using the store-and-forward logic to completescanning of the electronic message.